This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appengine-go-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 08:45:06 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum cae27caa447b532cb7221db25535ec94a8656a94 * md5sum 7853fbf74e43c23cc1053abd350d53a2 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc2oMAAoJEIXCXpWhbrlN8q4H/ikyC2q+oGQrUy+qPnNxEulW opwqkdb0mY4IX2WYxX4GP3oQOBSJOZ4bwCN+Hj0IALlO45auGSuupxuo0SMFaSfJ 0pz3L3enzZiCBEjLoB6KQ8FgDOzImKF4QP8fQXP7XmVEifkq6Wq/SNsLVMIGxF9/ zwUpQxs1E0gT4BP6aSNZ6XGjGPbJgrzG5ATSbcp1MdEDMo/tGxZ228bMiSEanLv+ F+srpSYJn8xr20iq3M4pzDBR9BG3XAsIis4m6cSs6lLNl5CGNAX9Qpb5aQTYsA3n n/XIG8AeLHyr0rxihtF3aKW2K2HkjeT2mRva3OY4HGaeEFXHEG3fGman3ux+9bU= =6LEU -----END PGP SIGNATURE-----